As a result of disclosure of information in this report and in filings required of a public company, our business and financial condition will become more visible, which may result in threatened or actual litigation, including by stockholders and competitors. If such claims are successful, our business and operating results could be adversely affected, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and operating results.
In addition, as a result of our disclosure obligations as a public company, we have reduced flexibility and are under pressure to focus on short-term results, which may adversely affect our ability to achieve long-term profitability.
Item 1B. Unresolved Staff Comments
Not applicable.
Item 1C. Cybersecurity
We maintain a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats and to protect the confidentiality, integrity, and availability of our critical systems and information.
The underlying process and controls of our cyber risk management program incorporate recognized best practices and standards for cybersecurity and information technology (“IT”), including the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). We have an annual risk assessment performed by a third-party specialist of our cyber risk management program against the NIST CSF. This assessment identifies, quantifies, and categorizes material cyber risks. In addition, the Company, in conjunction with our third-party specialists, have developed a risk mitigation plan to address such risks, and where necessary, to remediate potential vulnerabilities identified through the assessment process.
We maintain policies and processes over areas such as information security, IT asset lifecycle, data destruction, backup, access provisioning, and maintenance of network accounts, to help govern the processes put in place by management designed to protect our IT assets, data, and services from threats and vulnerabilities. We partner with cybersecurity providers and consultants (collectively, “providers”) leveraging third-party technology and expertise. These providers are a key part of our cybersecurity risk management strategy and infrastructure. These providers deliver services including systems inventory monitoring, vulnerability testing, user management including restricted access of privileged accounts, capacity monitoring, network protection and monitoring, endpoint protection, managed detection and response, remote monitoring and management, cybersecurity user awareness training, data backup management, incident response, cybersecurity strategy, and cyber risk advisory, assessment, and remediation.
Our management team, in conjunction with our third-party IT and cybersecurity service providers, is responsible for oversight and administration of our cyber risk management program, and for informing senior management and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our management team, in conjunction with our strategic third-party partners, oversees our cybersecurity technologies, initiatives, and processes, and relies on threat intelligence as well as other information obtained from governmental, public, or private sources, including external consultants engaged for strategic cyber risk management, advisory and decision making.
We have implemented third-party risk management processes to manage the risks associated with reliance on vendors, critical service providers, and other third-parties that may lead to a service disruption or an adverse cybersecurity incident. This includes an assessment of vendors during the selection and onboarding process, review of System and Organization Control (SOC) reports on an annual basis and a regular review of vendor contracts.
We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of cyber incidents is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of business. The Company has not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, financial condition, results of operations, or cash flows. We proactively seek to detect and investigate unauthorized attempts and attacks against IT assets, data, and services, and to prevent their occurrence and recurrence where practicable; however, potential vulnerabilities to known or unknown threats will still remain.